http authentication vs post form

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
Skara
Forum Regular
Posts: 703
Joined: Sat Mar 12, 2005 7:13 pm
Location: US

http authentication vs post form

Post by Skara »

I have a really simple question that I can't seem to find an answer to.

Is http authentication more or less secure than using an html form? Do they both do the same basic thing?
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

http auth is handled by the web server (most of the time anyway) form auth would be up to the programmer to deal with.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

From HTTP point of view, it's the same, it's done either by headers or by POST data. From the point of app programing, it's easier to manage logins in a database than in a flat file if you have lots of users. nickvd has a point though, if you need to have one admin and all other users are just guests, just put all admin stuff in a directory, and protect it with .htacess and that's it.
User avatar
Skara
Forum Regular
Posts: 703
Joined: Sat Mar 12, 2005 7:13 pm
Location: US

Post by Skara »

Ok, I didn't figure either would be much better than the other. Just curious. Thanks.
Post Reply